Chrome Version 124 Update is breaking the DTLS Handshake for WebRTC #1104
Comments
I'm able to reproduce this with Chrome 124 but not Chrome 123. Cannot connect in Chrome 124.
I am also able to reproduce this issue on 124.0.6367.61. Everything worked as expected on 123.0.6312.123. Microsoft Edge 123.0.2420.97 is also working as expected.
I used the chromium diff tool and narrowed the version down some more: You are probably looking for a change made after 1271606 (known good), but no later than 1271645 (first known bad).
I grabbed a snapshot of Vivaldi to find that the issue occurs with 124.0.6367.35. You can compare via Google's source using version tags: https://chromium.googlesource.com/chromium/src/+log/123.0.6312.123..124.0.6367.35 There are 7 pages of commits.
BouncyCastle.Cryptography package is no longer here: https://www.nuget.org/packages/Portable.BouncyCastle/
Upgraded to newest BouncyCastle, confirmed it works in Firefox after upgrading, but still getting the same behavior. This appears related as well: https://stackoverflow.com/questions/78273680/webrtc-connection-could-not-be-established-on-chrome-124
You confirm it's also working on Chrome 123 with newest BouncyCastle?
Yes, after upgrading to the newest BouncyCastle, I can confirm Chrome 123 such as 123.0.6288.0 still works. I was able to get BouncyCastle to work by downloading BouncyCastle and commenting out this code: //if (clientCertificateType < 0
chrome://net-export/ Something in here that is suspect is t= 703 [st= 1] UDP_SEND_ERROR
Here are a few more details on what we have tried so far: Looking at this issue: We pulled in this code here: After still having issues we ended up cloning the BouncyCastle repo and debugging.
After commenting out this code as mentioned here:
It started working on Chrome 123 but is still FAILING for 124. It would seem simply adding the new BouncyCastle is not enough. Trying to look into what Chrome thinks is wrong now.
Chrome 124 (doesn't work) Chrome 123 (works)
We found the issue: Chrome is now checking certificate type and needs to be passed the correct one in Certificate Request. Apparently WebRTC should be using ECDSA. In DtlsSrtpServer.cs line 251 change the return to this and it will start being accepted by Chrome.
… On Thu, 18 Apr 2024 at 20:10, Cyril Moore ***@***.***> wrote:
We found the issue:
Chrome is now checking certificate type and needs to be passed the correct
one in Certificate Request. Apparently WebRTC should be using ECDSA.
In DtlsSrtpServer.cs line 251 change the return to this and it will start
being accepted by Chrome.
return new CertificateRequest(new byte[] { ClientCertificateType.rsa_sign,
ClientCertificateType.ecdsa_sign }, serverSigAlgs, null);
I have the latest version of sipsorcery (6.2.3.0), but it still gives me the same error
Me too... We use SIPSorcery as a bridge between the client and the SIP Server (managed RTCPeerConnection + RTPSession in an auto dialer). Thank you guys.
I just cloned and built the project and added that as a dependency. This indeed fixed the problem, so the version on Nuget is confirmed to not have the fix published.
A version bump would be appreciated.
I just updated my Chrome to:
Chrome Version 124.0.6367.61 (Official Build) (64-bit)
And now my app gets:
[19:33:17 DBG] Peer connection closed with reason dtls handshake failed.
Looking deeper I see this exception being thrown:
Org.BouncyCastle.Crypto.Tls.TlsFatalAlert: 'handshake_failure(40)'
I just pulled the latest from master and it still seems to be happening.
Anyone have any idea what is going on? I would guess Chrome restricted their cipher suites and now it's breaking.
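To confirm what a DTLS server advertises after the CertificateRequest change reported in the thread, the following added example (not code from SIPSorcery or BouncyCastle) parses an unfragmented DTLS 1.2 CertificateRequest handshake message and lists its certificate_types. The layout follows RFC 5246 section 7.4.4 with the DTLS handshake header from RFC 6347; the function names and the sample messages are constructed for illustration.

```python
# ClientCertificateType values (RFC 5246 section 7.4.4, RFC 8422).
CERT_TYPES = {1: "rsa_sign", 2: "dss_sign", 3: "rsa_fixed_dh", 4: "dss_fixed_dh",
              64: "ecdsa_sign", 65: "rsa_fixed_ecdh", 66: "ecdsa_fixed_ecdh"}
CERTIFICATE_REQUEST = 13   # handshake msg_type
HEADER_LEN = 12            # type(1) length(3) message_seq(2) frag_offset(3) frag_length(3)


def parse_certificate_request(msg: bytes) -> dict:
    """Parse one unfragmented DTLS 1.2 CertificateRequest handshake message."""
    if len(msg) < HEADER_LEN or msg[0] != CERTIFICATE_REQUEST:
        raise ValueError("not a DTLS CertificateRequest handshake message")
    length = int.from_bytes(msg[1:4], "big")
    frag_offset = int.from_bytes(msg[6:9], "big")
    frag_length = int.from_bytes(msg[9:12], "big")
    body = msg[HEADER_LEN:]
    if frag_offset != 0 or frag_length != length or len(body) != length:
        raise ValueError("fragmented or truncated message")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("length field runs past end of message")
        pos += n
        return body[pos - n:pos]

    cert_types = list(take(take(1)[0]))               # certificate_types<1..2^8-1>
    sig_algs = take(int.from_bytes(take(2), "big"))   # (hash, signature) byte pairs
    take(int.from_bytes(take(2), "big"))              # certificate_authorities, skipped
    if not cert_types or len(sig_algs) % 2 or pos != len(body):
        raise ValueError("malformed CertificateRequest body")
    return {"certificate_types": [CERT_TYPES.get(t, f"unknown({t})") for t in cert_types],
            "signature_algorithms": [tuple(sig_algs[i:i + 2]) for i in range(0, len(sig_algs), 2)]}


def build_sample(cert_types: list, sig_algs: list) -> bytes:
    """Construct a sample message (test data only, empty certificate_authorities)."""
    algs = b"".join(bytes(pair) for pair in sig_algs)
    body = bytes([len(cert_types), *cert_types]) + len(algs).to_bytes(2, "big") + algs + bytes(2)
    size = len(body).to_bytes(3, "big")
    return bytes([CERTIFICATE_REQUEST]) + size + (2).to_bytes(2, "big") + bytes(3) + size + body


SIG_ALGS = [(4, 1), (4, 3)]                       # sha256+rsa, sha256+ecdsa (constructed)
RSA_ONLY = build_sample([1], SIG_ALGS)            # constructed: ecdsa_sign not listed
RSA_AND_ECDSA = build_sample([1, 64], SIG_ALGS)   # types from the fix quoted in the thread

if __name__ == "__main__":
    for name, msg in (("rsa only", RSA_ONLY), ("rsa + ecdsa", RSA_AND_ECDSA)):
        print(name, parse_certificate_request(msg)["certificate_types"])
```

The input is the reassembled handshake message only, without the 13-byte DTLS record header.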